Opened 5 years ago

Closed 5 years ago

#16089 closed defect (not a bug)

samy.pl evercookie on Tor 4.5.1 on highest security setting

Reported by: teor Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The evercookie code at http://samy.pl/evercookie/ is disabled when JavaScript is disabled in Tor Browser 4.5.1.

However, when JavaScript is enabled, even on the highest security level, the following evercookie methods allow websites to persist data:

cookieData mechanism: 414
localData mechanism: 414
sessionData mechanism: 414
windowData mechanism: 414
etagData mechanism: 414
cacheData mechanism: 414

This data persists when the page is refreshed, and when the browser tab or window is closed.

However, when the browser is restarted, all persistent evercookie data is cleared.

Is this the expected behavior?

Child Tickets

Change History (1)

comment:1 Changed 5 years ago by gk

Keywords: needs-triage removed
Resolution: not a bug
Status: newclosed

Yes.

Note: See TracTickets for help on using tickets.